﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Data.SqlClient;
using System.Configuration;

namespace movies
{
    /// <summary>
    /// Summary description for loginAuth
    /// </summary>
    public class LoginAuth
    {
        SqlConnection conn = Utils.getDBConnection();

        public LoginAuth()
        {
            
        }

        
        /// <summary>
        /// Validate username, password passed from login control
        /// </summary>
        /// <param name="username">email id of the customer</param>
        /// <param name="password">password of the customer</param>
        /// <returns>true if username/pwd are valid</returns>
        public bool isValidUser(string username, string password)
        {
            //prepare SQL call
            SqlCommand storedProcCommand = new SqlCommand("dbo.mov_ValidateLogin", conn);
            storedProcCommand.CommandType = System.Data.CommandType.StoredProcedure;
            storedProcCommand.Parameters.AddWithValue("@email", username);
            storedProcCommand.Parameters.AddWithValue("@password", password);
            conn.Open();

            //exec SQL
            SqlDataReader reader = storedProcCommand.ExecuteReader();

            //check if user name and password match the ones in DB
            while (reader.Read())
            {
                return true;
            }

            //clean-up
            reader.Close();
            conn.Close();

            return false;
        }

    }
}
